Attack by virus / or not??
pollsdolls
Posts: 2,960 Forumite
in Techie Stuff
I have a problem when I am logged into my PC under my username. I was online earlier, and was alerted that a virus was present. Windows popped up everywhere telling me I had been hacked, and that spyware, worms & trojans were detected.
All the security seemed to take me to Win7 Security 2011. And asking me to buy a complete system, or update my present one? I cannot access my firewall without one of these windows popping up and warning me of attacks & to buy Win7 Security 2011.
I have run a full scan with Avira Antiv and there were no problems reported.
Yet I still cannot access the internet on my user name.
The window appears as normal for a few seconds, then it switches to a warning window telling me that:-
" visiting this site poses a threat to my system. Possible reasons include
Dangerous code found in this sites pages
Suspicious and potentially unsafe activity detected
Spyware infection in my system
Complaints about other users about this site
Port & system scans performed by the site being visited.
(I got this message when I visited MSE)
I am then urged to get a copy of win 7 security 2011 or continue without it (dangerous) but I cannot access the internet. I have also had a message saying I am infected with trojan-BNK.WIN.32.KEYLOGGER.GEN
I am posting this while logged in under my husband's name. Can anyone please help me to get back into my own system and sort out the problems.
I can't understand why there seems to be no problems under this username.
~ What goes around comes around ~
Comments
-
It's a false warning.
Follow (do ALL the steps it shows, in that order):
http://www.bleepingcomputer.com/virus-removal/remove-win-7-internet-security-2011
Post the log file Malwarebytes produces back here.
Ex forum ambassador
Long term forum member
-
As above.
Also go into the Avira > Configuration > General > Threat Categories, and make sure that 'Fraudulent software' is ticked, as well as everything else other than 'games'.
It wouldn't hurt to go then into Scanner > Scan > Heuristic, then set it to High Detection Level.
-
its a false warning
follow (do ALL the steps it shows in that order )
http://www.bleepingcomputer.com/virus-removal/remove-win-7-internet-security-2011
post the log file malwarebytes produces back here
Thanks for your help. Sorry it has taken so long to post the log.
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Database version: 6569
Windows 6.1.7600
Internet Explorer 8.0.7600.16385
13/05/2011 22:14:48
mbam-log-2011-05-13 (22-14-48).txt
Scan type: Full scan (C:\|)
Objects scanned: 324186
Time elapsed: 1 hour(s), 2 minute(s), 0 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 4
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
c:\Users\Poll\AppData\Local\lxf.exe (Trojan.FakeAlert.Gen) -> Quarantined and deleted successfully.
c:\Users\Poll\AppData\Local\microsoft\Windows\temporary internet files\Low\Content.IE5\KD07ULN3\antispywaresetup[1].exe (Trojan.FakeAlert.Gen) -> Quarantined and deleted successfully.
c:\Users\Poll\AppData\Local\microsoft\Windows\temporary internet files\Low\Content.IE5\UEFTVG77\antispywaresetup[1].exe (Trojan.FakeAlert.Gen) -> Quarantined and deleted successfully.
c:\Users\Poll\AppData\Local\microsoft\Windows\temporary internet files\Low\Content.IE5\ZWCO88MV\antispywaresetup[1].exe (Trojan.FakeAlert.Gen) -> Quarantined and deleted successfully.
I am something of a wuss on fixing anything technical, so I really need the Idiots guide to fixing this. TIA
~ What goes around comes around ~
-
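Added example (not part of the original thread, and not Malwarebytes' own tooling): a short Python triage of the log format posted above. It groups detections by Windows user profile, lists anything not reported as removed, and checks the pasted detail lines against the log's own summary counts. The function names and the parsing rules are assumptions based only on the lines visible in this log.

```python
import re
from collections import Counter

# Excerpt of the Malwarebytes log posted above (one summary count, four detections).
SAMPLE_LOG = r"""
Files Infected: 4
Files Infected:
c:\Users\Poll\AppData\Local\lxf.exe (Trojan.FakeAlert.Gen) -> Quarantined and deleted successfully.
c:\Users\Poll\AppData\Local\microsoft\Windows\temporary internet files\Low\Content.IE5\KD07ULN3\antispywaresetup[1].exe (Trojan.FakeAlert.Gen) -> Quarantined and deleted successfully.
c:\Users\Poll\AppData\Local\microsoft\Windows\temporary internet files\Low\Content.IE5\UEFTVG77\antispywaresetup[1].exe (Trojan.FakeAlert.Gen) -> Quarantined and deleted successfully.
c:\Users\Poll\AppData\Local\microsoft\Windows\temporary internet files\Low\Content.IE5\ZWCO88MV\antispywaresetup[1].exe (Trojan.FakeAlert.Gen) -> Quarantined and deleted successfully.
"""

HEADER_RE = re.compile(r"^(?P<category>[A-Za-z ]+) Infected:\s*(?P<n>\d+)?$")
DETECTION_RE = re.compile(r"^(?P<item>.+) \((?P<threat>[^()]+)\) -> (?P<action>.+?)\.?$")
PROFILE_RE = re.compile(r"^[A-Za-z]:\\Users\\([^\\]+)\\", re.IGNORECASE)


def parse_log(text):
    """Return (declared_counts, detections) parsed from the log text."""
    counts, detections, section = {}, [], None
    for line in map(str.strip, text.splitlines()):
        if m := HEADER_RE.match(line):
            if m["n"] is None:          # "Files Infected:" opens a detail section
                section = m["category"]
            else:                       # "Files Infected: 4" is a summary count
                counts[m["category"]] = int(m["n"])
        elif m := DETECTION_RE.match(line):
            profile = PROFILE_RE.match(m["item"])
            detections.append({"section": section, "item": m["item"],
                               "threat": m["threat"], "action": m["action"],
                               "profile": profile.group(1) if profile else None})
    return counts, detections


def triage(text):
    """Summarise the points a helper checks first in a pasted log."""
    counts, detections = parse_log(text)
    found = Counter(d["section"] for d in detections)
    return {
        "by_profile": dict(Counter(d["profile"] for d in detections)),
        "threats": sorted({d["threat"] for d in detections}),
        # Anything not reported as removed successfully needs a follow-up scan.
        "not_removed": [d["item"] for d in detections
                        if "successfully" not in d["action"].lower()],
        # False means the paste is truncated or its lines were mangled.
        "complete": all(found.get(c, 0) == n for c, n in counts.items()),
    }


if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```

On the posted log every detection falls under the `Poll` profile, all four are reported as removed, and the detail lines match the declared count of 4.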
1. Run Temp File Cleaner to remove the rest of the temp files just to be safe (http://www.geekstogo.com/forum/files/file/187-tfc-temp-file-cleaner-by-oldtimer/) and restart (since running processes including the antivirus will be disabled).
2. Run HitmanPro (http://www.surfright.nl/en/hitmanpro), pick 64bit if you have a 64bit OS.
3. Run Avast rootkit scanner, use the guide on the page if it finds a rootkit, don't panic at any other gibberish (http://public.avast.com/~gmerek/aswMBR.htm). Only post a log if it finds a rootkit.
4. Run TDSSkiller (http://support.kaspersky.com/downloads/utils/tdsskiller.exe), cure if it finds a rootkit, and just say if it finds something or not.
5. Save Hijackthis to the desktop (http://www.trendmicro.com/ftp/products/hijackthis/beta/HijackThis.exe) then hold down LEFT SHIFT while RIGHT CLICKING on it, and Run as Administrator. Do system scan and save log, then paste the log here. Don't fix anything.
-
As above.
Also go into the Avira > Configuration > General > Threat Categories, and make sure that 'Fraudulent software' is ticked, as well as everything else other than 'games'.
It wouldn't hurt to go then into Scanner > Scan > Heuristic, then set it to High Detection Level.
Thanks RussJK. I have ticked 'Fraudulent software'
I have left games unticked,
but the following are also unticked.....
application
jokes
programmes that violate the private domain
Unusual runtime compression.
Should I also tick these?? (Help) :eek:
~ What goes around comes around ~
-
pollsdolls wrote: »Thanks RussJK. I have ticked 'Fraudulent software'
I have left games unticked,
but the following are also unticked.....
application
jokes
programmes that violate the private domain
Unusual runtime compression.
Should I also tick these?? (Help) :eek:
Tick the last two i.e. spyware and potentially dodgy programs.
Application is just for things you might not want on your system but aren't necessarily malware, and 'jokes' are like the programs that turn your screen upside down as a trick but essentially harmless.
-
Can't thank you enough RussJK and Browntoa. :T:T I am going to ask my OH to do the rest of it, then I can blame him if it goes wrong.
He will attempt it tomorrow as has had a tipple tonight. I have also made the amendments on Avira.
You really are great on this techie thread. I will sleep better tonight. I really do hate computers sometimes though.
~ What goes around comes around ~
-
pollsdolls wrote: »Can't thank you enough RussJK and Browntoa. :T:T I am going to ask my OH to do the rest of it, then I can blame him if it goes wrong. He will attempt it tomorrow as has had a tipple tonight.
I have also made the amendments on Avira.
No worries! In that case, leave the computer overnight running a complete system scan from Avira, and turn the internet off.
-
How did you go with the first 4 steps?
You have Bullguard installed alongside Avira - I would uninstall Bullguard and end any paid subscription you have to it.
Edit: HJT log is gone?
-
Scan with tdsskiller!!
> . !!!! ----> .
This discussion has been closed.